10 matches found
CVE-2026-40332
Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...
CVE-2026-40331
Summary: Masa CMS is affected by an unauthenticated SQL injection via the altTable parameter in the JSON API for multiple versions (7.2.0–7.2.9, 7.3.0–7.3.14, 7.4.0–7.4.9, 7.5.0–7.5.2). The vulnerability arises because the value passed to setAltTable() is stored without validation and is inserted...
EUVD-2024-30445
Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...
CVE-2024-32643 Masa CMS vulnerable to authentication bypass with /tag/
Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...
EUVD-2024-30444
Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...
CVE-2024-32640
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for th...
CVE-2024-32640 MasaCMS SQL Injection vulnerability
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for th...
EUVD-2024-30442
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.6, 7.3.13, and 7.2.8 contain a fix for th...
CVE-2022-47002
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request...
PT-2023-15129 · Masacms · Masacms
Name of the Vulnerable Software and Affected Versions: Masa CMS versions 7.2 through 7.4-beta Description: A vulnerability in the Remember Me function of Masa CMS allows attackers to bypass authentication via a crafted web request. Recommendations: For versions 7.2 through 7.4-beta, consider...